Parent

Methods

Class/Module Index [+]

Quicksearch

Rex::Proto::SMB::SimpleClient::UnitTest::DCERPCResponse

Attributes

ack_reason[RW]
ack_result[RW]
ack_xfer_syntax_uuid[RW]
ack_xfer_syntax_vers[RW]
alloc_hint[RW]
assoc_group[RW]
auth_len[RW]
call_id[RW]
cancel_cnt[RW]
context_id[RW]
data_rep[RW]
flags[RW]
frag_len[RW]
max_frag_recv[RW]
max_frag_xmit[RW]
nack_reason[RW]
num_results[RW]
raw[RW]
sec_addr[RW]
sec_addr_len[RW]
status[RW]
stub_data[RW]
type[RW]
vers_major[RW]
vers_minor[RW]
xfer_syntax_uuid[RW]
xfer_syntax_vers[RW]

Public Class Methods

new(data) click to toggle source

Create a new DCERPC::Response object This can be initialized in two ways: 1) Call .new() with the first 10 bytes of packet, then call parse on the rest 2) Call .new() with the full packet contents

# File lib/rex/proto/dcerpc/response.rb, line 21
def initialize(data)

        self.ack_result = []
        self.ack_reason = []
        self.ack_xfer_syntax_uuid = []
        self.ack_xfer_syntax_vers = []

        if (! data or data.length < 10)
                raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
        end

        if (data.length == 10)
                self.frag_len = data[8,2].unpack('v')[0]
                self.raw = data
        end

        if (data.length > 10)
                self.raw = data
                self.parse
        end
end

Public Instance Methods

parse(body = '') click to toggle source

Parse the contents of a DCERPC response packet and fill out all the fields

# File lib/rex/proto/dcerpc/response.rb, line 44
def parse(body = '')
        self.raw = self.raw + body
        self.type = self.raw[2,1].unpack('C')[0]

        uuid = Rex::Proto::DCERPC::UUID
        data = self.raw


        if(not data)
                raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
        end

        # BIND_ACK == 12, ALTER_CONTEXT_RESP == 15
        if (self.type == 12 or self.type == 15)

                # Decode most of the DCERPC header
                self.vers_major,
                self.vers_minor,
                trash,
                self.flags,
                self.data_rep,
                self.frag_len,
                self.auth_len,
                self.call_id,
                self.max_frag_xmit,
                self.max_frag_recv,
                self.assoc_group,
                self.sec_addr_len = data.unpack('CCCCNvvVvvVv')


                if(not self.frag_len or data.length < self.frag_len)
                        raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
                end

                # Keep an offset into the packet handy
                x = 0

                # XXX This is still somewhat broken (4 digit ports)
                self.sec_addr = data[26, self.sec_addr_len]

                # Move the pointer into the packet forward
                x += 26 + self.sec_addr_len

                # Align the pointer on a dword boundary
                while (x % 4 != 0)
                        x += 1
                end

                # Figure out how many results we have (multiple-context binds)
                self.num_results = data[ x, 4 ].unpack('V')[0]

                # Move the pointer to the ack_result[0] offset
                x += 4

                # Initialize the ack_result index
                ack = 0

                # Scan through all results and add them to the result arrays
                while ack < self.num_results
                        self.ack_result[ack] = data[ x + 0, 2 ].unpack('v')[0]
                        self.ack_reason[ack] = data[ x + 2, 2 ].unpack('v')[0]
                        self.ack_xfer_syntax_uuid[ack] = uuid.uuid_unpack(data[ x + 4, 16 ])
                        self.ack_xfer_syntax_vers[ack] = data[ x + 20, 4 ].unpack('V')[0]
                        x += 24
                        ack += 1
                end

                # End of BIND_ACK || ALTER_CONTEXT_RESP
        end

        # BIND_NACK == 13
        if (self.type == 13)

                # Decode most of the DCERPC header
                self.vers_major,
                self.vers_minor,
                trash,
                self.flags,
                self.data_rep,
                self.frag_len,
                self.auth_len,
                self.call_id,
                self.nack_reason = data.unpack('CCCCNvvVv')
        end

        # RESPONSE == 2
        if (self.type == 2)

                # Decode the DCERPC response header
                self.vers_major,
                self.vers_minor,
                trash,
                self.flags,
                self.data_rep,
                self.frag_len,
                self.auth_len,
                self.call_id,
                self.alloc_hint,
                self.context_id,
                self.cancel_cnt = data.unpack('CCCCNvvVVvC')

                # Error out if the whole header was not read
                if !(self.alloc_hint and self.context_id and self.cancel_cnt)
                        raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
                end

                # Put the application data into self.stub_data
                self.stub_data = data[data.length - self.alloc_hint, 0xffff]
                # End of RESPONSE
        end

        # FAULT == 3
        if (self.type == 3)

                # Decode the DCERPC response header
                self.vers_major,
                self.vers_minor,
                trash,
                self.flags,
                self.data_rep,
                self.frag_len,
                self.auth_len,
                self.call_id,
                self.alloc_hint,
                self.context_id,
                self.cancel_cnt,
                trash,
                self.status = data.unpack('CCCCNvvVVvCCV')

                # Put the application data into self.stub_data
                self.stub_data = data[data.length - self.alloc_hint, 0xffff]
                # End of FAULT
        end

end

[Validate]

Generated with the Darkfish Rdoc Generator 2.